LDAP  Attributes for Barracuda Web Filter

Similar Messages

• Fastvue Reporter for Barracuda Web Filter Is Now Available!

  Have you ever wondered how you could change the URL for all of your different modules to better your social networking site? Well, in this article, I am going to … Learn More
  Read More

  This past week, the Spiceworks Community talked over dreams jobs gone awry, the difficulty of taking a lunch break when everyone and their mother needs help, and the whimsical problems an IT pro faces in the First World.The community also talked over the times when whimsy gives way to restlessness (and how to give your two weeks' notice), why the computer monitors of the '80s were green, how to reclaim a company iPhone that mysteriously ends up at a pawn shop, and how many ebooks is too many for Microsoft to give out for free.Last but not least, the much talked about cyberattack on the controversial Italian company Hacking Team did more than show the world's dirty laundry – it exposed a zero-day exploit in Adobe Flash.Iwas an IT administrator for one weekCareers– Sure, I said. I'll start tomorrow, I said. After all, it sounded like a...

• Barracuda Web Filter Agent WMI problem

  sorry, I should have included that originally, the DC's are on Windows Server 2008 R2 and functional level of 2008.  Thanks!

  I have a Barracuda 410 Web Filter Appliance that is suddenly giving me authentication fits. We have the Barracuda Agent app installed on both of our DC's to pipe domain login/logout info to the Barracuda appliance for user authentication.Recently the Agent app has stopped working and Barracuda support hasn't been any help. We didnt make any changes to the DC's that I believe would cause this t break, other than Windows Updates (shocking!) According to support the app runs a WMI query of:
  SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.EventCode = '4624'
  When I launch WBEMTEST on the DC's and try to run the query manually I get an error of:Number: 0x80041003Facility: WMIDescription: Access deniedI am no WMI expert so I did some googling with that error code but nothing I have...
  This topic first appeared in the Spiceworks Community

• LDAP Attribute for POP3 access

  Dear folks,
  In SUN JES subscriber LDAP information, is there any LDAP subscriber LDAP attribute that indicates the subscriber having access to POP3?
  If there is, what kind/type of value can it be ?
  Thanks,
  T Dang

  Hi,
  For future reference, please always provide the version of messaging server you are using. (./imsimta version)
  With regards to your question, POP access is provided unless it is denied (assuming that POP daemon is enabled). Is there a user who is being denied and you are trying to work out why?
  The LDAP attribute which restricts access to POP/IMAP/HTTP access of the store is mailallowedserviceaccess
  Regards,
  Shane.

• LDAP attribute for user's last login time?

  Hi all,
  Is there an LDAP attribute that I could return (via an "ldapsearch" query) that would contain the user's last login time?
  We have:
  Directory Server Version: 5.2_Patch_2 ; Build number: 2004.107.0034
  other...
  Identity Server 2004Q2
  sparc-sun-solaris2.9
  Thanks in advance!

  Hello,
  If you need this info, you will have to create a password policy that log last logon time.
  But be carefull with this function, it can create a lot of cpu load.
  <http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
  Regards
  Eric.

• Creation of LDAP User for Discoverer Web Services

  Hi all,
  this isn't a Discoverer issue per se, but I couldn't find where to post this in other forums.
  After installing the web services patch for Discoverer (5648158), I need to create a bipublisher user
  in OIDDAS right? However our installation seems a bit ***** up. So I need to do it from the command line.
  I found some instructions in: here
  and created the following bipublisher.ldif file:
  cn=bipublisher,cn=users,dc=company,dc=com
  objectclass=top
  objectclass=person
  objectclass=inetorgperson
  objectclass=organizationalperson
  objectclass=orcluser
  objectclass=orcluserv2
  objectclass=orclUserProvStatus
  givenname=Web
  userpassword=oracle123
  displayname=bipublisher
  orcldefaultprofilegroup=cn=sr_users ,cn=groups,dc=company,dc=com
  preferredlanguage=en-US
  sn=Services
  orcltimezone=Europe/Athens
  mail=[email protected]
  uid=bipublisher
  orclactivestartdate=20080612000000z
  cn=bipublisher
  orclisenabled=ENABLEDthen inserted the entry with:
  ldapadd -h my.host.com -D"cn=orcladmin" -w oracle123 -v -f bipublisher.ldif
  However when I try to login in the web services from Discoverer, I still get invalid credentials
  Any clues? Thanks
  PS I'm talking about the login web service method, not the basic web authentication. I am past that.
  Edited by: dvm on Mar 6, 2009 3:30 AM

  Nevermind, it seems the server was just a bit slow to take the new account under consideration.

• Problem with my company's web filter, Barracuda when I try to access the internet

  I'm having problems accessing the internet on my tour.  Ever since my company put me on their BlackBerry Enterprise Server it appears that when accessing certain web sites the Barracuda web filter comes on.  It's so frustrating... on top of it my company doesn't pay for my phone at all.  Therefore, I do use my BlackBerry for personal as well as business. 
  I spoke with the IT guy and he initially thought it was the Desktop Software I downloaded to my computer, but we have uninstalled it and re-booted my phone and it's still happening.  I called Verizon Wireless and they tell me that it's because I'm on the company's enterprise server and that I am tied to their internet service and that's why I'm getting the Barracuda access denied on certain sites that they have restricted.  I am incredibly frustrated and don't know what to do...  I want to stay on their server because of the push email and the synchronization  for all my contacts and calendar.  Any help is much appreciated...
  Thanks.
  TinaMarie

  mabbas wrote:
  The blackberries are designed to send everything through the corporate network, when using an Enterprise Server.
  Hi and Welcome to the Forums!
  Just to be sure that this is clear -- they are not "designed" as you state...rather, the BES admins can force all Internet traffic through BES (and thereby apply filters) or they can allow it to go direct through the carrier network. The IT Policy placed onto the device at BES activation is in control of how the traffic flows.
  Cheers!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Best Web Filter and Application control for K-12 School using Chromebooks

  Sophos UTM has good education pricing and provides all this and a lot more
  Wil replace the firewall and has excellent web filtering and application control
  Also nice features for education like allowing google apps but limiting to your google domain

  We are currently using Barracuda Web Filter (410) with a Watchguard firewall. This school year we are launching Google for Education with 160 Chromebooks to start the program.
  We need to upgrade our webfilter and are considering another Barracuda as well as Litespeed, Websense and perhaps OpenDNS. 
  is there anyone who is in a similar situation that has some recommendation?
  Here are a few more details:
  School is 900+ students
  300 wired workstations
  Active directory environment
  Ruckus Wireless with 30+ access points
  This topic first appeared in the Spiceworks Community

• How to get user 'logged in' to ironport web filter without launching IE

  We have an issue with some employees who use third party programs that traverse the Internet.  These programs are 100% allowed by the organization as they are required for day to day business.  Some programs go over the Internet to communicate for certain reasons, such as a live chat help support, or ordering products, etc..
  The problem is that some of these users log in and never even touch Internet Explorer for awhile.  They will go on and start working right away.  Well if they don't try to access an Internet site via IE, then the Ironport does not 'log them in', and they are known as unauthenticated.  Of course this doesn't happen with everyone.  There's nothing wrong with people coming in a little early and checking the local news online.
  We were thinking up if it's possible to have each user 'touch' the ironport web filter in some way during a logon script, unbeknown to the end user, so that they are 'signed in' and whatever Internet connected application they launch has access through to the Internet.  Right now they need to at least launch IE and go to some site (say Google or MSN) and via NTLM credentials transparently passed through IE7, 8 or 9, they can simply close the page and go about their business.  Note: they MUST go to an external site.... not an internally hosted one (such as our Intranet, time clock or HR self service pages).
  So is there any commands we can put in via kix or bat or something that will say "Hey Ironport, %username% just logged in at 10.x.x.x".  Then maybe to make it more advanced, a logoff script that says "Hey Ironport, %username% just logged OFF of 10.x.x.x".  This way when our hourly timeout happens, they aren't immediately booted from their Internet applications (if they don't keep an IE window open that is).
  Right now our ASA Firewall uses WCCP to forward port 80 to the ironport web filter.  The Ironport is a transparent proxy.
  Thanks!

  So it looks like you are moving the authentication from the Ironport S160 to the ASA5500 series firewall?
  I guess we are looking at something simpler, like a way to 'touch' the internet and pass NTLM credentials, because then the Ironport knows who the user is.
  If the user does not 'touch' the internet with IE, and say they use some other program that does not pass NTLM credentials (say Firefox or live chat program, or an ftp program, etc...) They are likely to be blocked, because the Ironport doesn't know who they are.
  Your link seems to lead to a complicated setup for something that seems so simple.  I'm not sure how that relates to an Ironport S160.. it seems to focus on the ASA5500. Also we want it to be completely 100% transparent to the end user.
  This is how it worked with a Barracuda web filter appliance...
  A DCAgent program sat on each domain controller. As users logged in or out of the domain, this agent passed this current activity to the Barracuda web filter appliance.
  The Barracuda appliance knew exactly who was logged in because of this little program on the domain controller(s) that kept it updated. Based on this, policies could be assigned based on Active Directory group memberships. ie) HR and Marketing can access Facebook, while others cannot.
  I guess I'm looking for similar functionality with the Ironport S160. If there's any way the domain controller, or even the client PC can say "Hey Ironport, %username% is logged on here at %ip_address%". That way the Ironport would know who they are, and there would be no unnecessary authentication boxes (besides the user logging into the windows domain). They could use internet connected apps that do not pass NTLM authentication. I guess the client PC or the domain controller would also have to tell the IronPort when they signed off, just so we don't have to deal with authentication timeouts. This way, say they are in our internet chat help program... after an hour, it will cut out and disconnect them - because the IronPort forgets who they are (unless they are actively using the internet with IE).
  So for now, we just use the bypass option for the affected internet services.  The default browser is IE, so the reality is that we are not suffering any tremendous inconvienence.  It's just that we want to ensure we have the best robust solution, and we can handle these types of situations with programs other than IE accessing internet resources.

• Web Filter Recommendations

  Hi All,I have a couple of computers that are in need of some kind of web filtering. They run 24/7 and are out in the boonies somewhere where the nights are long and boring. Thus the night shift likes to surf the web to pass the time. This is causing issues, such as a crypto locker variant that has now rendered one of the machines useless. This is costing money as operating out there without a computer causes major production problems. To that end, I am looking for a web filter that I can use on these machines that wont necessarily require a huge amount of trial and testing, talking to sales people, getting quotes, etc. While an enterprise solution would be nice, for now I just need to put something on these 2 machines, quickly and relatively inexpensively that will allow me to block traffic to all web sites except those deemed...
  This topic first appeared in the Spiceworks Community

  Josh,
  I have 10,000 wireless devices. I call BS. You are right some vendor / dept yelled loud enough .. I feel for you.. It will be a up hill battle.
  I would do this . Create a standard that will get most devices to conform to. Some older medical devices wont be able to do AES. So you may be stuck with a WPA/TKIP security.
  Good luck .. hit me up on my blog my80211.com if you have specific questions. Ill see what I can do to help .. We likely run the same equipment and apps and have good relationships with some of the vendors.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Windows LDAP attributes match for the Synology LDAP client profile filter.

  I am having Windows server 2012 domain controller with LDAP enabled. I wish to enable LDAP client on Synology Diskstation to search for users and enable them access of shared folders of Synology. Hence, I have enabled the client which shows connected to the Windows LDAP service, but not populating any users.
  Anybody figured out this? It requires profile settings. I'm finding difficult to identify the LDAP attributes match for the Synology profile filter attributes.
  Refer following image.
  This topic first appeared in the Spiceworks Community

  Specify a Dynamic Access Profile with:
  Criteria: User has ALL of the following AAA attribute values...
  ldap.memberOf != GroupName
  cisco.tunnelgroup = TunnelGruopName
  Should work
  /K

• How to create @prompt filter at universe level for my Webi reports

  Dear all,
  I am using BO XI 3.1 SP3 with SAP BW 7.0.
  I have created an open[big] query based on a multiprovider for my OLAP universe.
  OBJECTIVE: to create LOV prompts for Calender year, for my webi reports, which takes 2010 as input then offsets the input year and then shows Gross sales for the prompt year [2010], 2009 & 2008.
  ISSUE: if 2010 is selected in webi prompt filter, then it doesn't display any data for any other year, lets say gross sales for 2009.
  ALTERNATIVE: i tried to create a prompt filter in the universe with this syntax,
  <FILTER KEY="@Select(Calendar year\Calendar year).[TECH_NAME]"><CONDITION OPERATORCONDITION="InList"><CONSTANT TECH_NAME="@Prompt('Enter year','N',,Mono,Free,Not_Persistent)"/></CONDITION></FILTER>
  it worked fine. but i also want to create a measure or dimension which subtracts 1 from the above filter and return a result with a previous year.
  e.g
  PROMPT: 2010
  PROMPT-1: 2009
  Universe structure
  [TIME]                         class
    [Calender year]        class
       [Calender year]     dimension  ( type:string)
  Please guide me with correct procedure and syntax.

  masood44 ,
  I think you should just prompt for year and capture and use the selection at the webi report  level.
  say you have calendar year(convert it into numeric) prompt at webi level. say user selects 2010 capture it in a variable var1:userresponse('enter year'). then create a variABLE (var2)  with formula :
  if(isPromptAnswered('enter year')='yes';([year] where year inlist(var1;var1-1;var1-2);null)
  build your report with var2 and gross income
  Thanks,
  Karthik
  Edited by: kbharadwaj79 on Jun 2, 2011 5:34 PM

• User attributes for LDAP

  Hi guys,
  Currently we have an error for LDAP attribute .
  distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
  user is of type IUser.
  and it return null
  where could i find the list of user attributes in LDAP? currently we have LDAP 8.8.1.

  Don,
  you might should have a look at a LDAP Browser (eg. http://www-unix.mcs.anl.gov/~gawor/ldap/ ) which helps a lot to find out how the structure of your LDAP server is and which attributes you can access.
  1) Start the tool
  2) click onto the "Quick Connect"
  3) enter you LDAP server
  4) press "Fetch DNs"
  5) Uncheck "Anonymous bind"
  6) Enter your user credentials
  7) Browse your LDAP structure
  It helped me a lot to get the correct settings for the DBMS_LDAP calls.
  Patrick
  My APEX Blog: http://www.inside-oracle-apex.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

• Web-services.xml: cannot set "charset" attribute for alternative encoding

  Hi,
  the definition of the charset attribute in tag web-service in a web-services.xml
  descriptor gets lost, when deploying a web-service.
  Sample:
  Before deployment I defined:
  <web-service charset="ISO-8859-1" useSOAP12="false" targetNamespace="http://www.itpearls.com/unity/SubscriberData"
  name="WebSubscriberDataCollector" style="rpc" uri="/WebSubscriberDataCollector">
  After deployment the console states:
  <web-service jmsUri="ISO-8859-1" useSOAP12="false" exposeWSDL="true" targetNamespace="http://www.itpearls.com/unity/SubscriberData"
  name="WebSubscriberDataCollector" style="rpc" uri="/WebSubscriberDataCollector">
  So the value "ISO-8859-1" changed his master :-(
  I consider this a bug. Is there a workaround for the charset definition of an
  individual web-service?
  Thanks for an comments
  Manfred

  Hi Neal
  my server's locale is not en_US. The locale command delivers:
  $ locale
  LANG=de_CH.ISO8859-1
  LC_CTYPE="de_CH.ISO8859-1"
  LC_NUMERIC="de_CH.ISO8859-1"
  LC_TIME="de_CH.ISO8859-1"
  LC_COLLATE="de_CH.ISO8859-1"
  LC_MONETARY="de_CH.ISO8859-1"
  LC_MESSAGES="de_CH.ISO8859-1"
  LC_ALL=de_CH.ISO8859-1
  but the Weblogic Server remains stubborn on all possibilities according to http://e-docs.bea.com/wls/docs81/webserv/i18n.html#1069538
  and keeps complaining:
  java.io.CharConversionException: Malformed UTF-8 char -- is an XML encoding declaration
  missing?
  My analysis: The Weblogic server seems to expect a UTF-8 compliant stream (due
  to the current user.language property set to "de") regardless of the chosen configuration
  possibilities proposed on the above mentioned link page.
  Q: is this bug related to CR105388 on http://e-docs.bea.com/wls/docs81/notes/issues.html
  Now I urgently need a workaround to make Umlaute contained in a web service request
  working.
  Thanks for any help
  Manfred
  "Manfred Sturm" <[email protected]> wrote:
  >
  Hi Neal
  OK, typo. But it doesn't work. I get the console output:
  java.io.CharConversionException: Malformed UTF-8 char -- is an XML encoding
  declaration
  missing?
  plus I get following stack trace from the web-service client:
  javax.xml.soap.SOAPException: Failed to read a xml element from
  Vorname_aou_AOU091 Name_aou_AOU091 Ort_äou_AOU091 091A 1091 Strasse_aou_AOU091
  bbcs adsl sample string
  at weblogic.webservice.tools.pagegen.SampleInstance.getJavaObject(SampleInstance.java:139)
  at weblogic.webservice.server.servlet.ServletBase.getJavaParams(ServletBase.java:378)
  at weblogic.webservice.server.servlet.ServletBase.invokeMultiOutput(ServletBase.java:347)
  at weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.java:306)
  at weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServiceServlet.java:312)
  at weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:272)
  at weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:154)
  at weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet.java:232)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6310)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3622)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2569)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  (server's locale is en_US)
  Alternatively, when using "-Dweblogic.webservice.i18n.charset=ISO-8859-1"
  in
  I get the console output:
  <Oct 7, 2003 11:46:05 AM MEST> <Warning> <Management> <BEA-141087> <Unrecognized
  property: webservice.i18n.charset.>
  which results in the above stack trace when invoking on the web service.
  I still need a workaround within weblogic server. I cannot change the
  Solaris
  server's locale settings.
  Thanks for an comments
  Manfred
  "Neal Yin" <[email protected]> wrote:
  Hi Manfred,
  There is a typo in code. But this should NOT affect any functionality
  (charset attribute is working). Please contact support for a patch.
  Thanks,
  -Neal
  "Manfred Sturm" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  the definition of the charset attribute in tag web-service in aweb-services.xml
  descriptor gets lost, when deploying a web-service.
  Sample:
  Before deployment I defined:
  <web-service charset="ISO-8859-1" useSOAP12="false"
  targetNamespace="http://www.itpearls.com/unity/SubscriberData"
  name="WebSubscriberDataCollector" style="rpc"uri="/WebSubscriberDataCollector">
  After deployment the console states:
  <web-service jmsUri="ISO-8859-1" useSOAP12="false" exposeWSDL="true"
  targetNamespace="http://www.itpearls.com/unity/SubscriberData"
  name="WebSubscriberDataCollector" style="rpc"uri="/WebSubscriberDataCollector">
  So the value "ISO-8859-1" changed his master :-(
  I consider this a bug. Is there a workaround for the charset definitionof
  an
  individual web-service?
  Thanks for an comments
  Manfred

• How to display attributes for a CHAR in the Excel file (BEx)?

  Hi all,
  I knew that I can display attributes for a CHAR (ex: attributes - address, phone#, zip code for CHAR-Customer) when I run Web- based report. But I cannot find this function after I export the file to Excel. In the context menu for excel file, I only see 'select filter'(but no display attribute values), drilldown, properties (for query). Is it something that I cannot have in the excel file for the BEx report?
  Thanks
  J.

  Hi Bhanu,
  In fact, I found that I can move IOs in the 'rows', 'column', and 'free CHARs' and so do end user by using 'local view'. That means every one can change the query definition, right?
  For your last question, that was what I want to know. How can I prevent 'end users' change those query definitions? Is it about 'role' setting, right? But I am not the one to do 'role' setting.
  Thanks for help. (I will asign points when the SDN system works)
  J.